We will keep updating this compendium with new database names that we find associated with Ransomware and new technologies.

MongoDB

We're seeing multiple players attacking MongoDB, regular scans show changes in database names, where in some cases we saw "WARNING" on top on a second scan "PLEASE_READ_ME" was in the lead (these scans were 24 hours apart), this shows that hackers are competing for machines/databases and there are lots of different attacks happening simultaneously.

Redis

Ransomware on Redis has previously been detected by DuoSecurity. This is something that is still happening. If you want to check if your redis instance has been attacked, check your keys using the "KEYS *" command on redis command line, and if you have a key named crackit you might be affected.